The National Cyber Security Centre (NCSC) has recently launched its ninth Annual Review, revealing that a growing threat landscape is outpacing the UK’s cyber resilience
CEO Richard Horne warned that the urgency to act has never been greater as cyber incidents increase in scale, frequency, and impact across all sectors of the economy.
Rising number of cyber attacks
In the year leading up to August 2025, the NCSC’s Incident Management team responded to 429 cyber incidents. Nearly half of these were seen as nationally significant. On average, the UK experienced four of these high-level attacks each week, with 18 considered “highly significant”, meaning they had major effects on government services, essential infrastructure, the economy, or a significant portion of the population.
This marks a 50% increase in highly significant incidents compared to the previous year, continuing a concerning upward trend. Horne emphasised that while many attacks still fail, the ones that succeed are becoming more sophisticated and damaging.
A bigger problem than IT issues
Cyber attacks are no longer just technical challenges; they are national security concerns with real-world consequences. Disruptions can halt operations, damage reputations, and directly impact people’s lives and livelihoods. Affected organisations often face emotional and financial strain, with employees, suppliers, and customers all feeling the impact.
The NCSC highlighted that many businesses remain unprepared to continue operations if hit by a major cyber incident. Without clear plans for continuity, organisations risk severe disruption if critical IT systems are compromised.
Planning for resilience
The main message from the NCSC is that every organisation, regardless of size, needs a solid cyber defence and continuity strategy. Leaders are urged to ask themselves whether their organisation could still function if systems were suddenly taken offline. If the answer is uncertain, immediate action is required.
Resilience planning isn’t just a task for IT teams it must be owned and driven by senior leadership. Cyber security, according to the NCSC, is now a whole-organisation issue and a key component of operational risk management.
Supporting businesses
To help organisations take their first steps toward better protection, the NCSC is launching a new Cyber Action Toolkit aimed at sole traders and small businesses. The toolkit simplifies essential cybersecurity measures, making them more accessible.
As the Cyber Essentials scheme continues to grow, it helps organisations implement strong foundational defences. For small businesses, this includes the added benefit of free cyber insurance. For board-level executives, the NCSC has developed Cyber Governance Training to help them understand and oversee cyber risks effectively.
The NCSC is also working with internet providers through its Share and Defend service to block millions of attempts to connect to harmful websites, protecting consumers before damage can occur.
The NCSC is part of an expanding network of international cyber defence alliances. Last month, 13 nations came together to expose a malicious global campaign linked to technology firms in China, showing the value of international cooperation in defending critical networks.
The NCSC urges that, with cyber threats increasing, the UK must act decisively. Every organisation must develop, test, and maintain continuity plans that will allow it to keep operating during an attack.
